package de.rcenvironment.core.utils.common.security;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.Bundle;
import org.osgi.framework.FrameworkUtil;

/* loaded from: input_file:de/rcenvironment/core/utils/common/security/AbstractDeserializationClasspathCheck.class */
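/**
 * Startup-style sanity check that reports whether classes commonly abused as "gadgets" in Java
 * deserialization attacks are loadable from the current environment.
 *
 * <p>The check is a deny-list probe: it tries to load a fixed set of class names through the class
 * loader of this class, the thread context class loader and, when running inside OSGi, the bundle
 * that contains the concrete subclass. A {@code false} result only means that none of the listed
 * names was visible through these three loaders. It does not prove that deserializing untrusted
 * data is safe, because other gadget classes or other class loaders are not covered.
 */
public abstract class AbstractDeserializationClasspathCheck {
    /** Package prefixes under which Commons Collections variants are probed. */
    private static final String[] KNOWN_COMMONS_COLLECTIONS_ROOT_NAMESPACES = {"org.apache.commons.collections.", "org.apache.commons.collections4.", "org.apache.commons.collections15."};

    /**
     * Class names, relative to each root namespace above, that are treated as unsafe or suspicious.
     *
     * <p>NOTE(review): "functors.ConstantTransformer" is listed twice. The second entry may stand in
     * for a different class that was meant to be listed; confirm against the intended deny-list.
     */
    private static final String[] KNOWN_UNSAFE_OR_SUSPICIOUS_COMMONS_COLLECTIONS_CLASSES = {"Transformer", "Factory", "functors.ConstantTransformer", "functors.ConstantTransformer", "functors.ClosureTransformer", "functors.InvokerTransformer", "functors.InstantiateFactory", "functors.InstantiateTransformer", "functors.PrototypeFactory"};

    /** Fully qualified names that are probed as-is, without a namespace prefix. */
    private static final String[] OTHER_UNSAFE_OR_SUSPICIOUS_CLASSES = {"org.codehaus.groovy.runtime.ConvertedClosure"};

    /** Shape every probed name must have; compiled once instead of on every invocation. */
    private static final Pattern CLASS_NAME_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9\\.]+[a-zA-Z]$");

    private final Log log = LogFactory.getLog(getClass());

    /**
     * Probes all listed class names and logs every one that can be loaded.
     *
     * @return {@code true} if at least one listed class was loadable through any of the probed
     *         class loaders, {@code false} otherwise
     * @throws IllegalArgumentException if an assembled class name does not match the expected shape
     */
    public boolean checkForKnownUnsafeClassesInClasspath() {
        Bundle bundle = FrameworkUtil.getBundle(getClass());
        this.log.debug("Running in context of bundle " + bundle + " (may be 'null' when not running in an OSGi context)");
        // The context class loader is allowed to be null; the original code dereferenced it unchecked.
        ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
        boolean unsafeClassFound = false;
        for (String className : assembleListOfSuspiciousOrKnownUnsafeClassesForDeserialization()) {
            if (!CLASS_NAME_PATTERN.matcher(className).matches()) {
                throw new IllegalArgumentException("The class name seems to be malformed: " + className);
            }
            if (isVisibleToOwnClassLoader(className)) {
                this.log.error("Known unsafe class found in classpath: " + className);
                unsafeClassFound = true;
            } else if (contextLoader != null && isVisibleTo(contextLoader, className)) {
                this.log.error("Known unsafe class found via context classloader: " + className);
                unsafeClassFound = true;
            } else if (bundle != null && isVisibleTo(bundle, className)) {
                this.log.error("Known unsafe class found via bundle classloader: " + className);
                unsafeClassFound = true;
            } else {
                // Logged for every miss, including the non-OSGi case where no bundle is available.
                this.log.debug("Not found in classpath (good): " + className);
            }
        }
        return unsafeClassFound;
    }

    /**
     * Checks visibility through the loader that defined this abstract class, which is the loader the
     * single-argument {@code Class.forName} would use here.
     */
    private static boolean isVisibleToOwnClassLoader(String className) {
        try {
            // initialize=false: the probe must not run static initializers of a class that is
            // being looked up precisely because it is considered unsafe.
            Class.forName(className, false, AbstractDeserializationClasspathCheck.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException notPresent) {
            return false;
        }
    }

    /** Checks whether the given class loader can load the named class. */
    private static boolean isVisibleTo(ClassLoader loader, String className) {
        try {
            loader.loadClass(className);
            return true;
        } catch (ClassNotFoundException notPresent) {
            return false;
        }
    }

    /** Checks whether the given OSGi bundle can load the named class. */
    private static boolean isVisibleTo(Bundle bundle, String className) {
        try {
            bundle.loadClass(className);
            return true;
        } catch (ClassNotFoundException notPresent) {
            return false;
        }
    }

    /**
     * Builds the list of fully qualified names to probe: every Commons Collections namespace
     * combined with every relative class name, followed by the stand-alone entries.
     *
     * @return the names in declaration order, each name at most once
     */
    private List<String> assembleListOfSuspiciousOrKnownUnsafeClassesForDeserialization() {
        List<String> classNames = new ArrayList<>();
        for (String namespace : KNOWN_COMMONS_COLLECTIONS_ROOT_NAMESPACES) {
            for (String relativeName : KNOWN_UNSAFE_OR_SUSPICIOUS_COMMONS_COLLECTIONS_CLASSES) {
                addIfAbsent(classNames, namespace + relativeName);
            }
        }
        for (String className : OTHER_UNSAFE_OR_SUSPICIOUS_CLASSES) {
            addIfAbsent(classNames, className);
        }
        return classNames;
    }

    /** Appends the name unless it is already listed, so a duplicated entry is probed and logged once. */
    private static void addIfAbsent(List<String> classNames, String className) {
        if (!classNames.contains(className)) {
            classNames.add(className);
        }
    }
}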
